From 4f2edd43ca2c4a175b4d9dce23ae9e28941122e2 Mon Sep 17 00:00:00 2001
From: Vishvananda Ishaya <vishvananda@yahoo.com>
Date: Thu, 23 Sep 2010 11:23:32 -0700
Subject: renamed ipchains to iptables

---
 setup_iptables.sh       | 94 +++++++++++++++++++++++++++++++++++++++++++++++++
 tools/setup_ipchains.sh | 94 -------------------------------------------------
 2 files changed, 94 insertions(+), 94 deletions(-)
 create mode 100644 setup_iptables.sh
 delete mode 100644 tools/setup_ipchains.sh

diff --git a/setup_iptables.sh b/setup_iptables.sh
new file mode 100644
index 000000000..b1ab1c6f7
--- /dev/null
+++ b/setup_iptables.sh
@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+
+CMD="global"
+IP="XXX"
+PRIVATE_RANGE="10.128.0.0/12"
+
+if [ -n "$1" ]; then
+    CMD=$1
+fi
+
+if [ -n "$2" ]; then
+    IP=$2
+fi
+
+if [ -n "$3" ]; then
+    PRIVATE_RANGE=$3
+fi
+
+if [ "$CMD" == "global" ]; then
+    iptables -P INPUT DROP
+    iptables -A INPUT -m state --state INVALID -j DROP 
+    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
+    iptables -A INPUT -m tcp -p tcp -d $MGMT_IP --dport 22 -j ACCEPT
+    iptables -A INPUT -m udp -p udp --dport 123 -j ACCEPT
+    iptables -N nova_input
+    iptables -A INPUT -j nova_input
+    iptables -A INPUT -p icmp -j ACCEPT 
+    iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset 
+    iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable 
+
+    iptables -P FORWARD DROP
+    iptables -A FORWARD -m state --state INVALID -j DROP 
+    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
+    iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 
+    iptables -N nova_forward
+    iptables -A FORWARD -j nova_forward
+
+    iptables -P OUTPUT DROP
+    iptables -A OUTPUT -m state --state INVALID -j DROP 
+    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
+    iptables -N nova_output
+    iptables -A OUTPUT -j nova_output
+    
+    iptables -t nat -N nova_prerouting
+    iptables -t nat -A PREROUTING -j nova_prerouting
+
+    iptables -t nat -N nova_postrouting
+    iptables -t nat -A POSTROUTING -j nova_postrouting
+
+    iptables -t nat -N nova_output
+    iptables -t nat -A OUTPUT -j nova_output
+
+    # ganglia (all hosts)
+    iptables -A nova_input -m tcp -p tcp -d $IP --dport 8649 -j ACCEPT
+    iptables -A nova_input -m udp -p udp -d $IP --dport 8649 -j ACCEPT
+fi
+
+if [ "$CMD" == "dashboard" ]; then
+    # dashboard
+    iptables -A nova_input -m tcp -p tcp -d $IP --dport 80 -j ACCEPT
+    iptables -A nova_input -m tcp -p tcp -d $IP --dport 443 -j ACCEPT
+fi
+
+if [ "$CMD" == "objectstore" ]; then
+    iptables -A nova_input -m tcp -p tcp -d $IP --dport 3333 -j ACCEPT
+    iptables -A nova_input -m tcp -p tcp -d $IP --dport 8773 -j ACCEPT
+fi
+
+if [ "$CMD" == "redis" ]; then
+    iptables -A nova_input -m tcp -p tcp -d $IP --dport 6379 -j ACCEPT
+fi
+
+if [ "$CMD" == "mysql" ]; then
+    iptables -A nova_input -m tcp -p tcp -d $IP --dport 3306 -j ACCEPT
+fi
+
+if [ "$CMD" == "rabbitmq" ]; then
+    iptables -A nova_input -m tcp -p tcp -d $IP --dport 4369 -j ACCEPT
+    iptables -A nova_input -m tcp -p tcp -d $IP --dport 5672 -j ACCEPT
+    iptables -A nova_input -m tcp -p tcp -d $IP --dport 53284 -j ACCEPT
+fi
+
+if [ "$CMD" == "dnsmasq" ]; then
+    # NOTE(vish): this could theoretically be setup per network
+    #             for each host, but it seems like overkill
+    iptables -A nova_input -m tcp -p tcp -s $PRIVATE_RANGE --dport 53 -j ACCEPT
+    iptables -A nova_input -m udp -p udp -s $PRIVATE_RANGE --dport 53 -j ACCEPT
+    iptables -A nova_input -m udp -p udp --dport 67 -j ACCEPT
+
+if [ "$CMD" == "ldap" ]; then
+    iptables -A nova_input -m tcp -p tcp -d $IP --dport 389 -j ACCEPT
+fi
+
+
diff --git a/tools/setup_ipchains.sh b/tools/setup_ipchains.sh
deleted file mode 100644
index b1ab1c6f7..000000000
--- a/tools/setup_ipchains.sh
+++ /dev/null
@@ -1,94 +0,0 @@
-#!/usr/bin/env bash
-
-CMD="global"
-IP="XXX"
-PRIVATE_RANGE="10.128.0.0/12"
-
-if [ -n "$1" ]; then
-    CMD=$1
-fi
-
-if [ -n "$2" ]; then
-    IP=$2
-fi
-
-if [ -n "$3" ]; then
-    PRIVATE_RANGE=$3
-fi
-
-if [ "$CMD" == "global" ]; then
-    iptables -P INPUT DROP
-    iptables -A INPUT -m state --state INVALID -j DROP 
-    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-    iptables -A INPUT -m tcp -p tcp -d $MGMT_IP --dport 22 -j ACCEPT
-    iptables -A INPUT -m udp -p udp --dport 123 -j ACCEPT
-    iptables -N nova_input
-    iptables -A INPUT -j nova_input
-    iptables -A INPUT -p icmp -j ACCEPT 
-    iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset 
-    iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable 
-
-    iptables -P FORWARD DROP
-    iptables -A FORWARD -m state --state INVALID -j DROP 
-    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
-    iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 
-    iptables -N nova_forward
-    iptables -A FORWARD -j nova_forward
-
-    iptables -P OUTPUT DROP
-    iptables -A OUTPUT -m state --state INVALID -j DROP 
-    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-    iptables -N nova_output
-    iptables -A OUTPUT -j nova_output
-    
-    iptables -t nat -N nova_prerouting
-    iptables -t nat -A PREROUTING -j nova_prerouting
-
-    iptables -t nat -N nova_postrouting
-    iptables -t nat -A POSTROUTING -j nova_postrouting
-
-    iptables -t nat -N nova_output
-    iptables -t nat -A OUTPUT -j nova_output
-
-    # ganglia (all hosts)
-    iptables -A nova_input -m tcp -p tcp -d $IP --dport 8649 -j ACCEPT
-    iptables -A nova_input -m udp -p udp -d $IP --dport 8649 -j ACCEPT
-fi
-
-if [ "$CMD" == "dashboard" ]; then
-    # dashboard
-    iptables -A nova_input -m tcp -p tcp -d $IP --dport 80 -j ACCEPT
-    iptables -A nova_input -m tcp -p tcp -d $IP --dport 443 -j ACCEPT
-fi
-
-if [ "$CMD" == "objectstore" ]; then
-    iptables -A nova_input -m tcp -p tcp -d $IP --dport 3333 -j ACCEPT
-    iptables -A nova_input -m tcp -p tcp -d $IP --dport 8773 -j ACCEPT
-fi
-
-if [ "$CMD" == "redis" ]; then
-    iptables -A nova_input -m tcp -p tcp -d $IP --dport 6379 -j ACCEPT
-fi
-
-if [ "$CMD" == "mysql" ]; then
-    iptables -A nova_input -m tcp -p tcp -d $IP --dport 3306 -j ACCEPT
-fi
-
-if [ "$CMD" == "rabbitmq" ]; then
-    iptables -A nova_input -m tcp -p tcp -d $IP --dport 4369 -j ACCEPT
-    iptables -A nova_input -m tcp -p tcp -d $IP --dport 5672 -j ACCEPT
-    iptables -A nova_input -m tcp -p tcp -d $IP --dport 53284 -j ACCEPT
-fi
-
-if [ "$CMD" == "dnsmasq" ]; then
-    # NOTE(vish): this could theoretically be setup per network
-    #             for each host, but it seems like overkill
-    iptables -A nova_input -m tcp -p tcp -s $PRIVATE_RANGE --dport 53 -j ACCEPT
-    iptables -A nova_input -m udp -p udp -s $PRIVATE_RANGE --dport 53 -j ACCEPT
-    iptables -A nova_input -m udp -p udp --dport 67 -j ACCEPT
-
-if [ "$CMD" == "ldap" ]; then
-    iptables -A nova_input -m tcp -p tcp -d $IP --dport 389 -j ACCEPT
-fi
-
-
-- 
cgit